In certain circumstances the stack protection feature can be rendered ineffective, leaving the protected function vulnerable to stack-based buffer overflows.
CVE |
CVE-2020-24658 |
Date |
24th December 2020 |
Affects |
Arm Compiler 5.01 to 5.06u6 inclusive, if code is compiled with the options:armcc --protect_stack , or --protect_stack_all . |
Impact |
An undetected stack overflow can lead to a function return address being overwritten, potentially causing a crash or hang or allowing an attacker to gain control over program execution. |
Resolution |
This issue is fixed in Arm Compiler 5.06u7. Users are recommended to upgrade if they are impacted by this issue. |
Credit |
Thanks to Nico Golde of Apple for reporting this vulnerability. |